2.2.4. Configuring Campsite to Work Over SSL
Starting with version 2.3.0 Campsite can work over encrypted connections (SSL). This article will explain how to configure apache for SSL.
Allocate a separate IP address for each Campsite instance you want to run over SSL. You will have to set this IP address to one of your server network interfaces. We don't provide detailed information about network interface configuration process here because it's outside the scope of Campsite. Read 'ifconfig' manual page for more details, search for “configuring network interfaces on linux” on Google or try this link: http://www.faqs.org/docs/linux_network/x-087-2-iface.html. We will refer to this IP address as [my_IP_address] in the following steps.
Locate the “Listen” directive in the main apache configuration file and add the following new lines after it if they did not exist already:
Listen 80
Listen 443
Locate the “NameVirtualHost” directive in the main apache configuration file and add the following new lines after it:
NameVirtualHost [my_IP_address]:80
NameVirtualHost [my_IP_address]:443
In case there are duplicate NameVirtualHost directives remove the duplicates.
Generate certificate and key for the SSL virtual host. We don't provide detailed information about this process here because it's outside the scope of Campsite. Read http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html for details. If your apache has SSL module loaded you can skip to: “About Configuration” and “About Certificates”. This step will generate at least two files: certificate file, referred here as [certificate_file] and certificate key file, referred here as [certificate_key_file]. Install these two files into your apache certificates directory, referred here as [certificates_directory].
Edit the instance virtual host file generated by Campsite (read “1.2.1 Configure the Web server” to learn how to locate it).
Duplicate the virtual host definition in this file: copy the whole section in between <VirtualHost [...]> and </VirtualHost>, including these tags and paste it at the end of the file.
Edit the first virtual host definition and replace the existing <VirtualHost [...]> tag with:
<VirtualHost [my_IP_addresss]:80>
Edit the second virtual host definition and replace the existing <VirtualHost [...]> tag with:
<VirtualHost [my_IP_address]:443>
Edit the second virtual host definition and add the following lines into your virtual host definition:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile [certificates_directory]/[certificate_file]
SSLCertificateKeyFile [certificates_directory]/[certificate_key_file]
Note: When generating the SSL certificate at step 4 make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. The FQDN you supply as “CommonName” must be the same as the value of “ServerName” in the Campsite instance virtual host.
The following is an example of a fully configured Campsite instance:
- main apache configuration file:
Listen 80
Listen 443
NameVirtualHost 192.168.2.101:80
NameVirtualHost 192.168.2.101:443
- Campsite instance virtual host configuration file:
<VirtualHost 192.168.2.101:80>
DocumentRoot /usr/local/campsite/www/campsite/html
ScriptAlias /cgi-bin/ /usr/local/campsite/www/campsite/cgi-bin/
ServerName www.mydomain.org
DirectoryIndex index.php index.html
<Directory /usr/local/campsite/www/campsite/html>
Options -Indexes FollowSymLinks MultiView
AllowOverride All
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
<Directory /usr/local/campsite/www/campsite/cgi-bin>
AllowOverride All
Options ExecCGI
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
AddHandler tpl_handler .tpl
Action tpl_handler /cgi-bin/tpl_cgi
AddType application/x-httpd-php .php .wrap
</VirtualHost>
<VirtualHost 192.168.2.101:443>
DocumentRoot /usr/local/campsite/www/campsite/html
ScriptAlias /cgi-bin/ /usr/local/campsite/www/campsite/cgi-bin/
ServerName www.mydomain.org
DirectoryIndex index.php index.html
<Directory /usr/local/campsite/www/campsite/html>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
<Directory /usr/local/campsite/www/campsite/cgi-bin>
AllowOverride All
Options ExecCGI
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.pem
AddHandler tpl_handler .tpl
Action tpl_handler /cgi-bin/tpl_cgi
AddType application/x-httpd-php .php .wrap
</VirtualHost>
add a note
User Contributed Notes
2.2.4. Configuring Campsite to Work Over SSL
There are no user contributed notes for this page.
2.2.3. Configure the Web Server